185 allow organization specific roles

[calebbourg]

Description

This PR adds a user_roles table that we will use to provide more granularity to our permissions scheme.

The user_roles table is associated with both the users table and, optionally, the organizations table. All users will have an associated user_roles.

As of this PR the available roles are:

• User - default role
• Admin - admin within the scope of an organization.
• SuperAdmin - global admin.

Users with role Admin or User will have a user_roles record with role Admin or User respectively. the user_roles record will be scoped to the organization within which the user has that role.

Users with role SuperAdmin with have a user_roles record with role SuperAdmin and will not have an organization associated with their user_roles record.

Next up

• Incorporating the new table into the API
• Adding user_roles records for existing users
• FE UI

GitHub Issue: [Closes|Fixes|Resolves] #185

Changes

• Add user_roles table via migration
• Add super_admin to enum type role
• Add user_roles entity

Testing Strategy

rebuilding the db:

scripts/rebuild_db.sh

roll back migration

DATABASE_URL=postgres://refactor:password@localhost:5432/refactor sea-orm-cli migrate down -s refactor_platform

re-apply migration

DATABASE_URL=postgres://refactor:password@localhost:5432/refactor sea-orm-cli migrate up -s refactor_platform

Concerns

The migration is written mostly in Raw SQL. I opted for this as seaORM's documentation around migrations is still very lacking in actual usable examples. The main drawback here is portability between postgres and other database products should we ever want to switch. It's highly unlikely that that will ever happen.

You can write migration files in raw SQL, but then you lost the multi-backend compatibility SeaQuery offers.